2024-11-20
Platform: LibreNMS
Version: Unaffected versions not listed (all versions before 24.10.0 likely vulnerable)
Vulnerability: Stored XSS
Severity: Critical
Date: November 15, 2024
:
This critical vulnerability in LibreNMS allows authenticated users to inject malicious code through a parameter in the “Manage User Access” page. This code can then be executed when another user visits the “Bill Access” dropdown, potentially compromising user sessions and allowing unauthorized actions.
What Undercode Says:
LibreNMS users should update to version 24.10.0 immediately to address this critical vulnerability. Administrators should be aware of the potential consequences of XSS attacks and take steps to mitigate them, such as implementing strong input validation and user access controls.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help